Disabling password policy for platform users

You can disable password policy for platform users by using the ap_ldap_ppolicy.pl utility.

About this task

If you choose to disable password policy for platform users, ensure that you have communicated it to your administrator.

Once password policy is disabled, the password policy attributes are set to undefined and password complexity values are set to system defaults.

If you also need to disable password complexity system default values, you must set the attributes to zero (0) values using the command ap_ldap_ppolicy.pl update. However, for security reasons, the password minimum length attribute pwdMinLength parameter should not be given less than 8 characters.

Once the appliance defined password complexity attributes are set to zero (0) values, the password change mechanism follows the operating system password complexity rules. User can then provide simple passwords using any combination of alphabet and numeric characters, but dictionary words and simple patterns will not be allowed.

Procedure

  1. Log in to the first (node0101) or second (node0102) node of IAS as apuser, or any user in the ibmapadmin group.
  2. Run the following command to disable password policy for platform users:
    ap_ldap_ppolicy.pl disable
    WARNING:This operation disables default password policy for Internal LDAP
    platform users
    
    Do you want to go ahead with disable operation? (yes/no)?yes
    Successfully disabled password policy for internal LDAP directory.